10-20-2016 12:44 AM - edited 02-21-2020 09:01 PM
Hi all
I need to do an L2TP/IPsec client VPN from a Cisco router (800 series) to a Meraki MX64. How can I do that? Are there any configuration examples?
Thanks for any advice.
Best Regards,
Daniel
10-20-2016 08:14 PM
Hi fuhdan,
Can you be a little bit more specific about what you need to do here? Considering you can configure L2TP from a router to an MX, I suppose you are trying to do something like this:
L2TPclient---------Router---------MX
So let me know if I am not correct: you are going to have clients connecting to the router using L2TP, and those clients should be able to access the resources on the MX through an S2S tunnel, am I right?
Check these links out:
Router L2TP config:
https://supportforums.cisco.com/document/9878401/l2tp-over-ipsec-cisco-ios-router-using-windows-8
Router to MX S2S configuration:
https://documentation.meraki.com/MX-Z/Site-to-site_VPN/Configuring_Cisco_2811_router_for_Site-to-site_VPN_with_MX_Series_Appliance_using_the_Command_Line_Interface
For U-turn on the router you can check this NAT on a stick config:
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/6505-nat-on-stick.html
Hope this info helps!!
Rate if helps you!!
-JP-
10-21-2016 10:04 AM
Hi
Thanks for the quick reply. I have the following situation:
Client PC --- L2TP Client Router (dynamic IP) --- MX64 L2TP Server (static IP) --- Server
So the client PC itself shouldn't have to do a VPN. The router should do this. I don't need a site2site VPN. This is just a branch office with a couple of clients (DHCP from the router).
Here are the config snippets from the router:
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
 lifetime 4000
crypto isakmp key 123456 address 172.23.13.207
!
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
 mode transport
!
crypto map L2TP_VPN 10 ipsec-isakmp
 set peer 172.23.13.207
 set transform-set ESP-AES256-SHA1
 match address L2TP_TRAFFIC
!
archive
 log config
  hidekeys
!
!
pseudowire-class L2TP_PW
 encapsulation l2tpv2
 ip local interface FastEthernet4
!
interface FastEthernet4
 ip address dhcp
 duplex auto
 speed auto
 crypto map L2TP_VPN
!
interface Virtual-PPP1
 description L2TP Tunnel
 ip address negotiated
 ppp chap hostname vpn@bwo.ch
 ppp chap password 0 ***
 ppp ipcp address accept
 pseudowire 172.23.13.207 1 pw-class L2TP_PW
!
ip access-list extended L2TP_TRAFFIC
 permit udp host 172.23.13.135 eq 1701 host 172.23.13.207 eq 1701
!
Router Output:
Cheers Daniel
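As an added example (not part of the original posts, and not Cisco or Meraki code): a small Python check over the router config posted above that verifies the parts an L2TP/IPsec client setup needs to agree on, namely one peer address across the pre-shared key, crypto map and pseudowire, transport mode, and a crypto ACL selecting UDP 1701 to that peer. The function names and finding labels are hypothetical, and the sample is a constructed excerpt of that config with indentation restored.

```python
import re
# Constructed excerpt of the router config posted above (indentation restored).
SAMPLE_CONFIG = """\
crypto isakmp key 123456 address 172.23.13.207
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
 mode transport
crypto map L2TP_VPN 10 ipsec-isakmp
 set peer 172.23.13.207
 match address L2TP_TRAFFIC
interface FastEthernet4
 ip address dhcp
 crypto map L2TP_VPN
interface Virtual-PPP1
 pseudowire 172.23.13.207 1 pw-class L2TP_PW
ip access-list extended L2TP_TRAFFIC
 permit udp host 172.23.13.135 eq 1701 host 172.23.13.207 eq 1701
"""
ACL_RE = re.compile(r"permit udp host (\S+) eq 1701 host (\S+) eq 1701$")

def sections(config):  # group indented sub-commands under their unindented parent line
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit_l2tp_client(config):
    """Return hypothetical finding labels for an IOS L2TP/IPsec client config."""
    sec, findings = sections(config), []
    kids = lambda prefix: [c for h, cs in sec.items() if h.startswith(prefix) for c in cs]
    psk = {h.split()[-1] for h in sec if h.startswith("crypto isakmp key ")}
    peers = {c.split()[-1] for c in kids("crypto map ") if c.startswith("set peer ")}
    lns = {c.split()[1] for c in kids("interface ") if c.startswith("pseudowire ")}
    if len(peers) != 1 or not (psk == peers == lns):
        findings.append("peer-mismatch")        # PSK, crypto map and pseudowire disagree
    if "mode transport" not in kids("crypto ipsec transform-set "):
        findings.append("not-transport-mode")   # L2TP/IPsec protects UDP 1701 in transport mode
    acl = [m for m in map(ACL_RE.match, kids("ip access-list extended ")) if m]
    if not acl or any(m.group(2) not in peers for m in acl):
        findings.append("acl-not-l2tp-to-peer")
    dhcp_wan = any("ip address dhcp" in cs and any(c.startswith("crypto map ") for c in cs)
                   for h, cs in sec.items() if h.startswith("interface "))
    if acl and dhcp_wan:
        findings.append("fixed-acl-source-on-dhcp-interface")  # host source may stop matching
    return findings
```

On the sample, the only finding is the fixed `host 172.23.13.135` source in the crypto ACL on an interface that gets its address by DHCP, which is worth checking against the address the interface actually holds.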
11-27-2018 12:05 AM
Please inform me if you are able to send your advice regarding the problem that I have:
Trying to open ports 4500 & 500 (UDP) to have access on the ISR 4331 from a Meraki MX84 device.
These ports are requested by Meraki to be opened for client VPN to work.